<?php
include("./init_admin.php");
?>
<?php
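/**
 * Admin login handler: redirects an already authenticated admin, checks
 * submitted credentials against users_grants, or prints the login form.
 *
 * Every branch except the form branch ends the request with exit.
 *
 * NOTE(review): the password is matched inside the SQL statement exactly as
 * submitted, so the stored value is presumably plaintext or something derived
 * client-side (script.js is not visible here) - confirm. Prefer selecting the
 * row by username only and checking it with password_hash()/password_verify().
 *
 * NOTE(review): ext/mysql was removed in PHP 7. Prepared statements through
 * mysqli or PDO are the lasting fix, but that also requires changing how the
 * connection passed in as $conn is created.
 *
 * @param resource $conn ext/mysql link used for the credential lookup
 * @return void
 */
function login($conn) {
	// An authenticated admin session skips the form entirely.
	if (isset($_SESSION['admin_user'])) {
		echo '<script language="javascript" type="text/javascript">document.location.href="categories.php" </script>';
		exit;
	}

	if (!empty($_POST)) {
		// One generic page for every failure, so the response does not reveal
		// whether the query failed or the credentials were wrong.
		$bad_login = '<html><head><link rel="stylesheet" type="text/css" href="../css/style.css"></head><body><span class="err_msg">bad login</span>';

		$data = utils::gpc_check($_POST);

		// Missing or non-scalar fields (e.g. user[]=x) must never reach the query.
		if (!is_array($data)
			|| !isset($data['user'], $data['password'])
			|| !is_scalar($data['user'])
			|| !is_scalar($data['password'])) {
			echo $bad_login;
			exit;
		}

		// Buffer output so driver warnings are discarded instead of being
		// shown to the client.
		ob_start();

		// Escape at the point of use, with the connection's own rules, rather
		// than relying on whatever gpc_check() did to the request data.
		// NOTE(review): utils::gpc_check() is not visible here. If it already
		// applies addslashes(), reduce it to undoing magic quotes only;
		// otherwise values containing quotes or backslashes are escaped twice
		// and will stop matching.
		$user = mysql_real_escape_string((string) $data['user'], $conn);
		$password = mysql_real_escape_string((string) $data['password'], $conn);

		$rs = false;
		if ($user !== false && $password !== false) {
			$sql = "SELECT id_user FROM users_grants WHERE user_type=1 AND username = '".$user."' AND password = '".$password."'";
			$rs = mysql_query($sql, $conn);
		}
		ob_end_clean();

		// mysql_query() returns false on failure; testing the result avoids
		// reading the error state of some other, more recently opened link.
		if ($rs === false) {
			echo $bad_login;
			exit;
		}

		$row = mysql_fetch_array($rs);
		mysql_free_result($rs);

		// No matching row (or a failed fetch) is a failed login; no branch is
		// left that ends without a response.
		if (!$row) {
			echo $bad_login;
			exit;
		}

		// Issue a fresh session id and delete the old session before the
		// session becomes privileged, so a pre-login id cannot be reused.
		session_regenerate_id(true);
		$_SESSION['user_id'] = $row[0];
		$_SESSION['admin_user'] = 1;
		echo "<script type=\"text/javascript\">document.location.replace('categories.php');</script>";
		exit;
	} else {
		// NOTE(review): BIZ_NAME and PAGE_NAME are defined outside this file and
		// are written into the markup unencoded. If either can carry
		// request-derived text, encode it with htmlspecialchars() - confirm.
		$content='
		<html>
		<head>
			<title>'.BIZ_NAME.'</title>
			<link rel="stylesheet" type="text/css" href="style.css">
		</head>
		<table width="100%" cellspacing="3" cellpadding="0" border="1" align="left" >
			<tr>
				<td style="width:100%;height:200px;vertical-align:middle;text-align:center;">
				<script language="javascript" type="text/javascript" src="./script.js"></script>
				<link rel="stylesheet"  type="text/css" href="./style.css">
				<form name="frmLogin" method=POST action="'.PAGE_NAME.'"  onsubmit="return xsubmit(\'frmLogin\')">
					<table border="0" cellpadding="2" cellspacing="1" width="30%" style="border:black;border-collapse:collapse;text-align:center;" align="center">';
		$content.='
						<tr class="hgt50">
							<td>Username</td>
							<td><input type="text" class="text" name="user"></td>
						</tr>
						<tr>
							<td>Password </td>
							<td><input type="password" class="text" name="password"></td>
						</tr>
						<tr class="hgt50">
							<td colspan="2" align="center">
								<input type="submit" class="btn" value="Login">
							</td>
						</tr>
					</table>
				</form>
				<script language="javascript" type="text/javascript">
					addfields("frmLogin");
					var k=document.forms["frmLogin"].elements;
					k["user"].oblig=true;
					k["password"].oblig=true;
				</script>
				</td>
			</tr>
		</table>';
		echo $content;

	}
}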
?>
<?php
// Entry point: run the login handler for every request to this page.
// NOTE(review): $conn is not defined in this file; presumably init_admin.php
// opens the database link and starts the session - confirm.
	login($conn);

?>